A security vulnerability has been detected in Tencent PC Manager 18.1.30242.301. This issue affects some unknown processing in the library qmudisk64.sys of the component QMUDisk Driver. The manipulation leads to uncontrolled search path. The attack must be carried out locally. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2026-15515 represents a critical local privilege escalation vulnerability in Tencent PC Manager's QMUDisk driver (qmudisk64.sys) version 18.1.30242.301, stemming from uncontrolled search path manipulation (CWE-426, CWE-427). This vulnerability requires local access to exploit but carries high complexity and difficulty ratings, making it a sophisticated attack vector. Organizations deploying Tencent PC Manager—particularly in enterprise environments across Asia-Pacific regions—face elevated risk from local threat actors or compromised user accounts seeking to escalate privileges and maintain persistent access. The vendor's non-response to early disclosure compounds the severity, leaving affected systems without official patches.
While CVE-2026-15515 doesn't map directly to documented MITRE ATT&CK techniques, Casky's extended reasoning capabilities would detect the underlying attack patterns associated with Privilege Escalation (T1134), Exploitation for Privilege Escalation (T1548), and Driver-based attacks (T1547.006). Practitioners using Casky would identify suspicious patterns including: abnormal qmudisk64.sys loading sequences, unexpected DLL search path manipulations, and process behavior deviating from legitimate Tencent PC Manager operations. Although no active CVE KEV exploitations are recorded, Casky's continuous monitoring would flag attempts to abuse search path vulnerabilities through behavioral analysis, file system monitoring, and driver interaction patterns—enabling security teams to detect exploitation attempts before successful privilege escalation occurs.
Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro. Join early access →
Casky has 0 skills that investigate the attack patterns behind CVE-2026-15515. Run one and get CVSS-scored findings in 3 minutes.
Run the skill that detects this →© 2026 Casky.AI, Inc. · AI Security Investigation